Пример #1
0
function find_distinct_course_date()
{
    global $connection;
    if (isset($_GET["historical_course_date"])) {
        $safe_course_date = mysql_prep($_GET["historical_course_date"]);
    }
    if (isset($_GET["historical_monthname_course_date"])) {
        $safe_monthname_course_date = mysql_prep($_GET["historical_monthname_course_date"]);
    }
    if (isset($_GET["historical_year_course_date"])) {
        $safe_year_course_date = mysql_prep($_GET["historical_year_course_date"]);
    }
    if (isset($_GET["historical_yearweek_course_date"])) {
        $safe_yearweek_course_date = mysql_prep($_GET["historical_yearweek_course_date"]);
    }
    $query = "SELECT * FROM summary_by_course_date_program ";
    if (isset($safe_course_date)) {
        $query .= "WHERE course_date='{$safe_course_date}' ";
        $whereAnd = " AND ";
    } else {
        $whereAnd = " WHERE ";
    }
    if (isset($safe_monthname_course_date) && $safe_monthname_course_date) {
        $query .= "{$whereAnd} monthname(course_date)='{$safe_monthname_course_date}' ";
        $whereAnd = " AND ";
    } elseif ($whereAnd == " AND ") {
        $whereAnd = " AND ";
    } else {
        $whereAnd = " WHERE ";
    }
    if (isset($safe_year_course_date) && $safe_year_course_date) {
        $query .= "{$whereAnd} year(course_date)='{$safe_year_course_date}' ";
        $whereAnd = " AND ";
    } elseif ($whereAnd == " AND ") {
        $whereAnd = " AND ";
    } else {
        $whereAnd = " WHERE ";
    }
    if (isset($safe_yearweek_course_date) && $safe_yearweek_course_date) {
        $query .= "{$whereAnd} yearweek(course_date)='{$safe_yearweek_course_date}' ";
        $whereAnd = " AND ";
    } elseif ($whereAnd == " AND ") {
        $whereAnd = " AND ";
    } else {
        $whereAnd = " WHERE ";
    }
    //    if (isset($_GET)  ){
    //        if(isset($_GET["course_date"])){
    //            $safe_course_date= mysql_prep($_GET["course_date"]);
    //            $query="WHERE course_date = {$safe_course_date} ";
    //        }
    //    }
    $date_set = mysqli_query($connection, $query);
    confirm_query($date_set);
    return $date_set;
}
function check_max_field_lengths($field_length_array)
{
    $field_errors = array();
    foreach ($field_length_array as $fieldname => $maxlength) {
        if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) {
            $field_errors[] = $fieldname;
        }
    }
    return $field_errors;
}
Пример #3
0
function check_max_fields_length($fields, $post)
{
    //ispraviti greske
    foreach ($fields as $polje => $max_duz) {
        if (strlen(trim(mysql_prep($post[$polje]))) > $max_duz) {
            $errors[] = $polje;
        }
    }
    return $errors;
}
Пример #4
0
function count_modele_by_day($day_no, $visible = 1)
{
    global $connection;
    $safe_day_no = mysql_prep($day_no);
    $safe_visu = mysql_prep($visible);
    $query = "SELECT COUNT(*) AS c FROM programmed_courses_modele WHERE week_day_rank ={$safe_day_no} AND visible=  {$safe_visu} ";
    $result = mysqli_query($connection, $query);
    confirm_query($result);
    $row = mysqli_fetch_assoc($result);
    return $row['c'];
    //
}
Пример #5
0
function find_name_category_links($name_category = null)
{
    global $connection;
    $safe_name_category = mysql_prep($name_category);
    $query = "SELECT * ";
    $query .= "FROM links ";
    if ($name_category) {
        $query .= "WHERE category = '{$safe_name_category}'";
    }
    $query .= "ORDER BY rank ASC";
    $link_set = mysqli_query($connection, $query);
    confirm_query($link_set);
    return $link_set;
}
Пример #6
0
function count_prog_by_date_doubled($date_sql, $pseudo, $heure)
{
    global $connection;
    $safe_date = mysql_prep($date_sql);
    $safe_pseudo = mysql_prep($pseudo);
    $safe_heure = mysql_prep($heure);
    $query = "SELECT COUNT(*) AS c FROM programmed_courses WHERE course_date ='{$safe_date}' ";
    $query .= "AND pseudo = '{$safe_pseudo} ";
    $query .= "AND heure = '{$safe_heure} ";
    $result = mysqli_query($connection, $query);
    confirm_query($result);
    $row = mysqli_fetch_assoc($result);
    return $row['c'];
    //
}
Пример #7
0
function add_member()
{
    global $connection;
    if (($handle = fopen("data/Needtoadd.csv", "r")) !== FALSE) {
        while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
            $username = mysql_prep($data[5], 1, -1);
            $verification_link = random_string();
            $verification_link_send = urlencode($verification_link);
            $idiot_link = urlencode(random_string());
            $email = mysql_prep($data[8], 1, -1);
            $name = mysql_prep($data[0], 1, -1);
            $to = $email;
            $subject = "Set Your Password";
            $message = "Hi {$username}," . "\n" . "\n" . "Click the link below to set your password." . "\n" . "http://www.acmism.org/verification.php?id={$idiot_link}&link={$verification_link_send}" . "\n" . "Thank you for joining us," . "\n" . "Team ACM.";
            $headers = 'From: ACM ISM Student Chapter <*****@*****.**>' . "\r\n" . 'Reply-To: ACM ISM Student Chapter <*****@*****.**>';
            $password = random_string();
            $spoj = mysql_prep($data[5], 1, -1);
            $codechef = mysql_prep($data[6], 1, -1);
            $hackerrank = mysql_prep($data[7], 1, -1);
            $admission = mysql_prep($data[2], 1, -1);
            $member = mysql_prep($data[1], 1, -1);
            $batch = mysql_prep($data[3], 1, -1);
            $branch = mysql_prep($data[4], 1, -1);
            $phone_number = mysql_prep($data[9], 1, -1);
            $hashed_password = sha1($password);
            $query = "INSERT INTO users (\r\n\t\t\t\t\t\tname, username, hashed_password, email, spoj_id, codechef_id, hackerrank_id, admission, member,  batch, branch, phone_number, verification_link\r\n\t\t\t\t\t\t) values (\r\n\t\t\t\t\t\t'{$name}', '{$username}', '{$hashed_password}', '{$email}', '{$spoj}', '{$codechef}', '{$hackerrank}', '{$admission}', '{$member}', '{$batch}', '{$branch}', '{$phone_number}', '{$verification_link}'\r\n\t\t\t\t\t\t)";
            if (mysql_query($query, $connection)) {
                mail($to, $subject, $message, $headers);
                echo "Done " . mysql_prep($data[0], 1, -1);
            } else {
                echo "Left " . mysql_prep($data[0], 1, -1);
                echo mysql_error();
            }
        }
        fclose($handle);
    }
}
Пример #8
0
function mysql_prep($value)
{
    $magic_quotes_active = get_magic_quotes_gpc();
    $new_enough_php = function_exists("mysql_real_escape_string");
    // i.e. PHP >= v4.3.0
    if ($new_enough_php) {
        // PHP v4.3.0 or higher
        // undo any magic quote effects so mysql_real_escape_string can do the work
        if ($magic_quotes_active) {
            $value = stripslashes($value);
        }
        $value = mysql_real_escape_string($value);
    } else {
        // before PHP v4.3.0
        // if magic quotes aren't already on then add slashes manually
        if (!$magic_quotes_active) {
            $value = addslashes($value);
        }
        // if magic quotes are active, then the slashes already exist
    }
    return $value;
    $name = mysql_prep($_POST['name']);
    $content = mysql_prep($_POST['content']);
    $notes = mysql_prep($_POST['notes']);
    $query = "INSERT INTO songs (\n\t\t\t\ttitle, content, song_notes\n\t\t\t) VALUES (\n\t\t\t\t'{$name}', '{$content}', '{$notes}'\n\t\t\t)";
    $result = mysql_query($query, $connection);
    if ($result) {
        // Success!
        echo "success";
        echo "<p>\"{$name}\" added to database.</p>";
    } else {
        // Display error message.
        echo "<p>Subject creation failed.</p>";
        echo "<p>" . mysql_error() . "</p>";
    }
}
Пример #9
0
 if ($_POST["question_bank"] == "World Geography") {
     $question_bank = "world_geography";
 } else {
     $question_bank = "geography";
 }
 /*this is copied from new_teacher, make it relevant to new_question*/
 $question_title = mysql_prep($_POST["question_title"]);
 $quiz_name = $_POST["quiz_name"];
 $question = mysql_prep($_POST["Question"]);
 $no_sort = $_POST["no_sort"];
 $image_exist = $_POST["image_exist"];
 $answer_correct = mysql_prep($_POST["AnswerCorrect"]);
 $distractor_one = mysql_prep($_POST["Distractor1"]);
 $distractor_two = mysql_prep($_POST["Distractor2"]);
 $distractor_three = mysql_prep($_POST["Distractor3"]);
 $distractor_four = mysql_prep($_POST["Distractor4"]);
 /*$query  = "INSERT INTO $question_bank (";
   $query .= " QuestionTitle ";
   $query .= ") VALUES (";
   $query .= " '{$question_title}'";
   $query .= ")";*/
 $query = "INSERT INTO {$question_bank} (";
 $query .= " quiz_id, QuestionTitle, quiz_name, Question, no_sort, AnswerCorrect, Distractor1, Distractor2, Distractor3, Distractor4";
 $query .= ") VALUES (";
 $query .= " {$quiz_id}, '{$question_title}', '{$quiz_name}', '{$question}', '{$no_sort}', '{$answer_correct}', '{$distractor_one}', '{$distractor_two}', '{$distractor_three}', '{$distractor_four}' ";
 $query .= ")";
 $result = mysqli_query($connection, $query);
 if ($result) {
     // Success
     $_SESSION["message"] = "Question successfully added!";
     $findID_query = "SELECT * FROM {$question_bank} WHERE quiz_id={$quiz_id} AND QuestionTitle='{$question_title}'";
Пример #10
0
     // No errors, so update database:
     // Get the variables set in the new_subject.php form and modify them using our
     // mysql_prep() function in functions.php to ensure SQL correctness.
     $get_chapter_id = mysql_prep($_GET['chapter']);
     $chapter_id = intval($get_chapter_id);
     // make sure it's an integer
     $content = mysql_prep($_POST['content']);
     // Execute three queries. One on the chapter table; two on the options table
     // CHAPTER TABLE UPDATE
     $query = "UPDATE \t\tchapters\n\t\t\t\t\t\tSET \t\tcontent\t\t= \t'{$content}', endpoint = {$endpoint}\n\t\t\t\t\t\tWHERE\t\tid\t=\t{$chapter_id}";
     $result = mysql_query($query, $connection);
     if (!$result) {
         $errors[] = mysql_error();
     }
     // Update or create the options
     $options = array("first" => array("id" => intval(mysql_prep($options[0]["id"])), "content" => trim(mysql_prep($_POST['option0']))), "second" => array("id" => intval(mysql_prep($options[1]["id"])), "content" => trim(mysql_prep($_POST['option1']))));
     include "includes/edit_options.php";
     // Test for success (make sure 1 row was changed)
     if (count($errors) < 1) {
         // success -- redirect to new page
         redirect_to("read_chapter.php?chapter={$chapter_id}");
     } else {
         // failure
         echo count($errors);
         $message = "Gee, we seem to have a problem. Try again? <br />";
     }
 } else {
     // errors in form
     $message = "Looks like you have " . count($errors);
     if (count($errors) > 1) {
         $message .= " errors in your form.";
Пример #11
0
<?php

require_once "../includes/session.php";
?>
 
<?php 
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
require_once "../includes/validation_function.php";
if (isset($_POST['submit'])) {
    $menu_name = mysql_prep($_POST["menu_name"]);
    $position = (int) $_POST["position"];
    $visible = (int) $_POST["visible"];
    $required_fields = array("menu_name", "position", "visible");
    validate_presences($required_fields);
    $fields_with_max_lenghts = array("menu_name" => 30);
    validate_max_lengths($fields_with_max_lenghts);
    if (!empty($errors)) {
        $_SESSION["errors"] = $errors;
        redirect_to("new_window.php");
    }
    $query = "INSERT INTO windows ( ";
    $query .= "menu_name ,position, visible ";
    $query .= ") VALUES ( ";
    $query .= " '{$menu_name}',{$position} ,{$visible}";
    $query .= ")";
    echo $query;
    $result = mysqli_query($conn, $query);
    if ($result) {
        $_SESSION["message"] = "Window created.";
        redirect_to("manage_content.php");
Пример #12
0
if (!$admin) {
    redirect_to("index.php");
}
?>
	<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //validation
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $fields_with_max_lenghts = array("username" => 30);
    validate_max_lengths($fields_with_max_lenghts);
    if (empty($errors)) {
        $id = $admin['id'];
        $username = trim($_POST["username"]);
        $password = trim($_POST["password"]);
        $username = mysql_prep($username);
        $password1 = password_encrypt($password);
        $query = "UPDATE admins SET ";
        $query .= " username = '******', ";
        $query .= " hashed_password = '******' ";
        $query .= " WHERE id = {$id}";
        $query .= " LIMIT 1";
        $result = mysqli_query($connection, $query);
        if ($result) {
            $_SESSION["message"] = "Admin updated";
            redirect_to("manage_admins.php");
        } else {
            $_SESSION["message"] = "Admin is not updated";
            redirect_to("manage_admins.php");
        }
    } else {
Пример #13
0
            //    unset($_POST);
        }
    }
}
if (isset($_POST['submit_links'])) {
    // see introducing php
    $expected = array("name", "web_address", "description", "category", "sub_category_1", "sub_category_2", "privacy", "rank", "username");
    $required_fields = array("name", "web_address", "category", "username", "rank");
    //  validate_presences($required_fields);
    foreach ($_POST as $key => $value) {
        $temp = is_array($value) ? $value : trim($value);
        if (empty($temp) && in_array($key, $required_fields)) {
            $missing[] = $key;
            ${$key} = '';
        } elseif (in_array($key, $expected)) {
            ${$key} = mysql_prep($temp);
        }
    }
    if (empty($missing) && empty($errors)) {
        $table = "links";
        $query = " INSERT INTO {$table} ";
        $query .= "(";
        $query .= "name, ";
        $query .= "web_address, ";
        $query .= "description, ";
        $query .= "category, ";
        $query .= "sub_category_1, ";
        $query .= "sub_category_2, ";
        $query .= "privacy, ";
        $query .= "rank, ";
        $query .= "username ";
Пример #14
0
$active_page = "videos";
?>
<link rel="stylesheet" type="text/css" href="stylesheets/videos.css">
<?php 
$admin = logged_in();
global $connection;
$errors = errors();
?>

<?php 
if (isset($_POST["submit"]) && $admin) {
    // User adding a song.
    $requiredfields = array("newvideo");
    validate_presences($requiredfields);
    if (empty($errors)) {
        $newsong = mysql_prep($_POST["newvideo"]);
        $query = "INSERT INTO videos (";
        $query .= " videocode";
        $query .= ") VALUES (";
        $query .= " '{$newsong}'";
        $query .= ")";
        $result = mysqli_query($connection, $query);
        if ($result) {
            // Success
            $_SESSION["message"] = "Video successfully added!";
        } else {
            // Failure
            $_SESSION["message"] = "Video failed to add!";
        }
        redirect_to("index.php?redirect=videos");
    } else {
Пример #15
0
<?php

require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
require_once "../includes/validation_functions.php";
prevent_double_teacher_login();
$username = "";
if (isset($_POST['submit'])) {
    // Process the form
    // validations
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $username = mysql_prep($_POST["username"]);
    $password = mysql_prep($_POST["password"]);
    if (empty($errors)) {
        // Attempt login
        $found_admin = attempt_login($username, $password);
        if ($found_admin) {
            // Success. Mark user as logged in
            $_SESSION["admin_id"] = $found_admin["admin_id"];
            $_SESSION["username"] = $found_admin["username"];
            $_SESSION["teacher_last_name"] = $found_admin["teacher_name"];
            $_SESSION["context"] = "teacher";
            redirect_to("teacher_base.php");
        } else {
            // Failure
            $_SESSION["message"] = "Username/password not found.";
        }
    }
} else {
Пример #16
0
function count_prog_by_date_validated_chauffeur($date_sql)
{
    global $connection;
    $safe_date = mysql_prep($date_sql);
    $query = "SELECT COUNT(*) AS c FROM programmed_courses WHERE course_date ='{$safe_date}' AND validated_chauffeur =1 ";
    $result = mysqli_query($connection, $query);
    confirm_query($result);
    $row = mysqli_fetch_assoc($result);
    return $row['c'];
    //
}
Пример #17
0
        $verification_link_send = urlencode($verification_link);
        $idiot_link = urlencode(random_string());
        $email = mysql_prep($_POST['email']);
        $name = mysql_prep($_POST['name']);
        $to = $email;
        $subject = "Set Your Password";
        $message = "Hi {$username}," . "\n" . "\n" . "Click the link below to set your password." . "\n" . "http://www.acmism.org/verification.php?id={$idiot_link}&link={$verification_link_send}" . "\n" . "Thank you for joining us," . "\n" . "Team ACM.";
        $headers = 'From: ACM ISM Student Chapter <*****@*****.**>' . "\r\n" . 'Reply-To: ACM ISM Student Chapter <*****@*****.**>';
        mail($to, $subject, $message, $headers);
        $password = random_string();
        $spoj = mysql_prep($_POST['spoj']);
        $codechef = mysql_prep($_POST['codechef']);
        $hackerrank = mysql_prep($_POST['hackerrank']);
        $admission = mysql_prep($_POST['admission']);
        $member = mysql_prep($_POST['member']);
        $batch = mysql_prep($_POST['batch']);
        $branch = mysql_prep($_POST['branch']);
        $phone_number = mysql_prep($_POST['phone_number']);
        $hashed_password = sha1($password);
        $query = "INSERT INTO users (\r\n\t\t\t\t\tname, username, hashed_password, email, spoj_id, codechef_id, hackerrank_id, admission, member,  batch, branch, phone_number, verification_link\r\n\t\t\t\t\t) values (\r\n\t\t\t\t\t'{$name}', '{$username}', '{$hashed_password}', '{$email}', '{$spoj}', '{$codechef}', '{$hackerrank}', '{$admission}', '{$member}', '{$batch}', '{$branch}', '{$phone_number}', '{$verification_link}'\r\n\t\t\t\t\t)";
        if (mysql_query($query, $connection)) {
            redirect_to("login.php?log=201");
        } else {
            echo "<p>Could not create user</p>";
            //echo mysql_error();
        }
    }
} else {
    redirect_to("login.php");
}
mysql_close($connection);
Пример #18
0
            }
            // Allow certain file formats
            // Check if $uploadOk is set to 0 by an error
            if ($uploadOk == 0) {
                echo "Sorry, your file was not uploaded.";
                // if everything is ok, try to upload file
            } else {
                if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
                    echo "The file " . basename($_FILES["fileToUpload"]["name"]) . " has been uploaded.";
                } else {
                    echo "Sorry, there was an error uploading your file.";
                }
            }
        }
        $project_desc_title = mysql_prep($_POST['project_desc_title']);
        $project_desc = mysql_prep($_POST['project_desc']);
        $dir = basename($_FILES["fileToUpload"]["name"]);
        $date = date('Y-m-d H:i:s');
        $query = "INSERT INTO projects (`project_name`,`project_desc_title`,`project_type_id`,`project_desc`,`project_cover`,`publish_date`)\nVALUES ('" . $project_name . "','" . $project_desc_title . "','1','" . $project_desc . "','" . basename($_FILES["fileToUpload"]["name"]) . "','" . $date . "');";
        file_put_contents('1.txt', $query);
        $result = mysqli_query($connection, $query);
        //this is excuted in case of insert and delete and update as well
        if ($result) {
            $message = "Success";
            file_put_contents('1.txt', $message);
            redirect_to("projects.php");
        } else {
            file_put_contents('1.txt', $query);
        }
    }
}
Пример #19
0
        if (!isset($_POST[$fieldname]) || empty($_POST[$fieldname]) && !is_numeric($_POST[$fieldname])) {
            $errors[] = $fieldname;
        }
    }
    $fields_with_lengths = array('menu_name' => 30);
    foreach ($fields_with_lengths as $fieldname => $maxlength) {
        if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) {
            $errors[] = $fieldname;
        }
    }
    if (empty($errors)) {
        // Perform update
        $id = mysql_prep($_GET['subj']);
        $menu_name = mysql_prep($_POST['menu_name']);
        $position = mysql_prep($_POST['position']);
        $visible = mysql_prep($_POST['visible']);
        $query = "UPDATE subjects SET menu_name = '{$menu_name}', position = {$position}, visible = {$visible} WHERE id = {$id}";
        $result = mysql_query($query, $connection);
        if (mysql_affected_rows() == 1) {
            // Success
            $message = "The subject was successfully updated";
        } else {
            $message = "The subject update failed: " . mysql_error();
        }
    } else {
        $message = "There were " . count($errors) . " errors in the form.";
    }
}
find_selected_page();
include "includes/header.php";
?>
Пример #20
0
require_once "includes/session.php";
//For creating a session, we don't use cookies "for better security"
require_once "includes/functions.php";
//Functions files
require_once "includes/db_connection.php";
//Including the database connection file
confirm_logged_in();
$contact = contact_info();
if (isset($_POST['submit'])) {
    // Process the form
    if (empty($errors)) {
        // Perform Update
        $email = mysql_prep($_POST["email"]);
        $mobile = mysql_prep($_POST["mobile"]);
        $facebook = mysql_prep($_POST["facebook"]);
        $linkedin = mysql_prep($_POST["linkedin"]);
        $query = "UPDATE contact SET ";
        $query .= "email = '{$email}', ";
        $query .= "mobile = '{$mobile}', ";
        $query .= "facebook = '{$facebook}', ";
        $query .= "linkedin = '{$linkedin}' ";
        $query .= "WHERE id = '1' ";
        $query .= "LIMIT 1";
        $result = mysqli_query($connection, $query);
        if ($result && mysqli_affected_rows($connection) == 1) {
            // Success
            $_SESSION["message"] = "Contact Info updated.";
            redirect_to("contact.php?id=8");
        } else {
            // Failure
            $_SESSION["message"] = "Contact Info update failed.";
Пример #21
0
require_once "../includes/layout/functions.php";
require_once "../includes/layout/validation_functions.php";
$admin = find_admin_by_id($_GET["id"]);
if (!$admin) {
    redirect_to("manage_admins.php");
}
if (isset($_POST['submit'])) {
    $required_fields = array("user_name", "hashed_password");
    validate_presences($required_fields);
    $fields_with_max_lengths = array("user_name" => 30);
    validate_with_max_lengths($required_fields);
}
if (empty($errors)) {
    $id = $admin["id"];
    $username = mysql_prep($_POST["username"]);
    $hashed_password = mysql_prep($_POST["password"]);
    $query = "UPDATE admin SET ";
    $query .= "username ='******', ";
    $query .= "hashed_password = '******' ";
    $query .= "WHERE id= {$id} ";
    $query .= "LIMIT 1";
    $result = mysqli_query($connection, $query);
    if ($result && mysqli_affected_rows($connection) == 1) {
        $_SESSION["message"] = "Admin updated.";
        redirect_to("manage_admins.php");
    } else {
        $_SESSION["message"] = "Admin updated faild.";
    }
}
$layout_context = "admin";
include "../includes/layout/header.php";
Пример #22
0
<?php

require_once "includes/session.php";
require_once "includes/connection.php";
require_once "includes/functions.php";
require_once "includes/form_functions.php";
if (isset($_POST['submit'])) {
    $password = mysql_prep($_POST['password']);
    $verification_link = urlencode(random_string());
    $hashed_password = sha1($password);
    $query = "UPDATE users SET\r\n\t\t\t\thashed_password = '******',\r\n\t\t\t\tverification_link = '{$verification_link}',\r\n\t\t\t\tverified = 1\r\n\t\t\t\tWHERE verification_link = '{$_GET['link']}'";
    mysql_query($query, $connection);
    if (mysql_affected_rows() == 1) {
        redirect_to("login.php?log=301");
    } else {
        echo "Could not update password.";
    }
} elseif (isset($_GET['link'])) {
    $verification_link = $_GET['link'];
    $query = "SELECT username\r\n\t\t\t\tFROM users\r\n\t\t\t\tWHERE verification_link = '{$verification_link}'\r\n\t\t\t\tLIMIT 1";
    $user_set = mysql_query($query, $connection);
    confirm_query($user_set);
    if (mysql_num_rows($user_set) == 0) {
        redirect_to("login.php");
    } else {
        $user = mysql_fetch_array($user_set);
    }
} else {
    redirect_to("login.php");
}
require_once "includes/header.php";
Пример #23
0
<?php require_once("./includes/session.php"); ?>
<?php require_once("./includes/db_connection.php"); ?>
<?php require_once("./includes/functions.php"); ?>
<?php
	if(isset($_POST['submit'])){
		$district_id = $_POST["district"];
		$upazila_name = mysql_prep($_POST["upazila_name"]);

		$query =  "INSERT INTO upazilas (";
		$query .= "district_id,name";
		$query .= ") VALUES (";
		$query .= "{$district_id},'{$upazila_name}'";
		$query .= ")";	
		$result = mysqli_query($connection, $query);

		if($result){
			$_SESSION["message"] = "New upazila added successfully";
			redirect_to("index.php");
		} else {
			echo "Upazila creation failed";
		}
	}else {

	} 
?>
<?php include("./includes/layouts/header.php"); ?>
<div id = "main">
	<div id = "navigation">

	</div>
	<div id = "page">
Пример #24
0
}
if (!isset($msg)) {
    $msg = '';
}
$class = $class_first = 'user';
${$class} = new $class();
$class_second = 'user_role';
${$class_second} = new $class_second();
$class_third = 'user_password_reset';
${$class_third} = new $class_third();
if (!empty($_POST['submitLogin'])) {
    //form is submitted for login
    //check use credentials if username & provided
    if (!empty($_POST['username']) && !empty($_POST['password'])) {
        $username = is_array($_POST['username']) ? trim(mysql_prep($_POST['username'][0])) : trim(mysql_prep($_POST['username']));
        $password = is_array($_POST['password']) ? trim(mysql_prep($_POST['password'][0])) : trim(mysql_prep($_POST['password']));
        $loggedin_user = ${$class}->authenticate($username, $password);
        if ($loggedin_user) {
            $session->login($loggedin_user);
            set_default_theme($loggedin_user);
            //	$session->assign_role($_SESSION['user_id']);
            if (!empty($_SESSION['orginal_page']) && strpos($session->orginal_page, 'json_form') == false) {
                //   redirect_to(HOME_URL . "form.php?class_name=user_dashboard_v");
                header('Location: http://' . $session->orginal_page);
                //	 unset($_SESSION['orginal_page']);
                //	 unset($session->orginal_page);
            } else {
                redirect_to(HOME_URL . "form.php?class_name=user_dashboard_v");
            }
        } else {
            $msg .= "<div class='message error'> Username or password is incorrect <br/> </div>";
Пример #25
0
 // Process the form
 // validations
 $required_fields = array("username", "password", "email");
 $_POST["username"] = $admin["username"];
 validate_presences($required_fields);
 $fields_with_max_lengths = array("username" => 30);
 validate_max_lengths($fields_with_max_lengths);
 validate_email(array("email"));
 if (empty($errors)) {
     // Perform Update
     $id = $admin["id"];
     $username = mysql_prep($admin["username"]);
     $hashed_password = password_encrypt($_POST["password"]);
     $email = mysql_prep($_POST["email"]);
     $user_type = mysql_prep($_POST["user_type"]);
     $nom = mysql_prep($admin["nom"]);
     $query = "UPDATE admins SET" . " ";
     //$query .= "username = '******', ";
     $query .= "hashed_password = '******', ";
     $query .= "email = '{$email}', ";
     //$query .= "user_type = '{$user_type}', ";
     $query .= "nom = '{$nom}' ";
     $query .= "WHERE id = {$id} ";
     $query .= "LIMIT 1";
     $result = mysqli_query($connection, $query);
     if ($result && mysqli_affected_rows($connection) == 1) {
         // Success
         $_SESSION["message"] = "New info updated sucessfully.";
         $_SESSION["OK"] = true;
         $_POST = null;
         redirect_to("manage_admins_my_page.php");
Пример #26
0
<?php 
if (!$current_page) {
    //  subject ID was missing or invalid or
    //  subject couldn't be found in database
    redirect_to("manage_content.php");
}
?>

<?php 
if (isset($_POST['submit'])) {
    // process the form
    $id = $current_page["id"];
    $menu_name = mysql_prep($_POST["menu_name"]);
    $position = (int) $_POST["position"];
    $visible = (int) $_POST["visible"];
    $content = mysql_prep($_POST["content"]);
    //  validations
    $required_fields = array("menu_name", "position", "visible", "content");
    validate_presences($required_fields);
    $fields_with_max_length = array("menu_name" => 30);
    validate_max_lengths($fields_with_max_length);
    if (empty($errors)) {
        // Perform Update if errors are empty
        $query = "UPDATE pages SET ";
        $query .= "menu_name = '{$menu_name}', ";
        $query .= "position = {$position}, ";
        $query .= "visible = {$visible}, ";
        $query .= "content = '{$content}' ";
        $query .= "WHERE id = {$id} ";
        $query .= "LIMIT 1";
        $result = mysqli_query($db_connection, $query);
Пример #27
0
<?php

//start form processing
include "connect.php";
include "functions.php";
require_once "connect.php";
if (isset($_POST['submit'])) {
    $password = trim(mysql_prep($_POST['password']));
    $hashed_password = sha1($password);
    $email = trim(mysql_prep($_POST['email']));
    $query = "INSERT INTO members (email, hashed_pass)\n\t\t\t\t\tVALUES ('{$email}', '{$hashed_password}');";
    $result_set = mysql_query($query);
    confirm_query($result_set);
    if ($result_set) {
        redirect_to("Location: ?message=1");
    } else {
        redirect_to("Location: ?message=2");
    }
}
Пример #28
0
?>

<?php 
require_once 'input_verification.php';
require_once 'connect.php';
connect();
?>

<?php 
$errors = array();
//Valdation
$required_fields = array('team_name', 'pass');
$errors = array_merge($errors, check_required_fields($required_fields));
if (empty($errors)) {
    $username = trim(mysql_prep($_GET['team_name']));
    $password = trim(mysql_prep($_GET['pass']));
    //$hashed_password=md5($password);
    $hashed_password = $password;
    //checking database
    $query = "SELECT user_id, team_name, password\r\n\t\t\t\t  FROM checkmate14.user_details\r\n\t\t\t\t  WHERE team_name = '{$username}'\r\n\t\t\t\t  AND password = '******'\r\n\t\t\t\t  LIMIT 1";
    $result_set = mysql_query($query);
    if (!$result_set) {
        echo 2;
        exit;
    }
    $found_user = mysql_fetch_array($result_set);
    if (!$found_user) {
        echo 2;
        exit;
    }
    $query = "SELECT * \r\n\t\t\t\t  FROM user_point\r\n\t\t\t\t  WHERE user_id = '{$found_user['user_id']}'\r\n\t\t\t\t  LIMIT 1";
Пример #29
0
// START FORM PROCESSING
// only execute the form processing if the form has been submitted
if (isset($_POST['submit'])) {
    // initialize an array to hold our errors
    $errors = array();
    // perform validations on the form data
    $required_fields = array('menu_name', 'position', 'visible', 'content');
    $errors = array_merge($errors, check_required_fields($required_fields, $_POST));
    $fields_with_lengths = array('menu_name' => 30);
    $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
    // clean up the form data before putting it in the database
    $subject_id = mysql_prep($_GET['subj']);
    $menu_name = trim(mysql_prep($_POST['menu_name']));
    $position = mysql_prep($_POST['position']);
    $visible = mysql_prep($_POST['visible']);
    $content = mysql_prep($_POST['content']);
    // Database submission only proceeds if there were NO errors.
    if (empty($errors)) {
        $query = "INSERT INTO pages (\n\t\t\t\t\t\tmenu_name, position, visible, content, subject_id\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'{$menu_name}', {$position}, {$visible}, '{$content}', {$subject_id}\n\t\t\t\t\t)";
        if ($result = mysqli_query($connection, $query)) {
            // as is, $message will still be discarded on the redirect
            $message = "The page was successfully created.";
            // get the last id inserted over the current db connection
            $new_page_id = mysql_insert_id();
            redirect_to("content.php?page={$new_page_id}");
        } else {
            $message = "The page could not be created.";
            $message .= "<br />" . mysql_error();
        }
    } else {
        if (count($errors) == 1) {
Пример #30
0
<?php 
include "index.php";
confirm_logged_in();
?>
<link rel="stylesheet" type="text/css" href="stylesheets/logon.css">

<?php 
// CUSTOMIZE THIS
if (isset($_POST['submit'])) {
    // User has submitted a form.
    $admins = find_all_admins();
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    if (empty($errors)) {
        $username = mysql_prep($_POST["username"]);
        $hashed_password = password_encrypt($_POST["password"]);
        $query = "INSERT INTO admins (";
        $query .= " username, hashed_password";
        $query .= ") VALUES (";
        $query .= " '{$username}', '{$hashed_password}'";
        $query .= ")";
        $result = mysqli_query($connection, $query);
        if ($result) {
            // Success
            $_SESSION["message"] = "Admin created.";
            redirect_to("events.php");
        } else {
            // Failure
            $_SESSION["message"] = "Admin failed to create.";
            redirect_to("events.php");